Posts

Showing posts from February, 2015

How to enable user authentication for a Postfix SMTP server with SASL

Image
I had originally written this tutorial for xmodulo.com

Every mail server administrator dreads his or her server becoming compromised by spammers. A lot of effort, time and even money is spent on securing mail servers and making sure that the servers do not become open relay. To combat against spambots in an SMTP server, Postfix in general uses the mynetworks parameter to specify the trusted sender network i.e., LAN. In a typical scenario, the users stationed in the internal LAN are legitimate users, and Postfix will happily accept SMTP requests from them, and forward the emails towards destination. Although this used to be the standard practice in the past, today's users want mobility. Everyone wants to be able to send/receive emails in their phones/tablets/laptops at work, home, on the go, or even from their favorite coffee shop around the corner. For people who are in the fields for critical services, a simple email alert could save a lot of time, effort and money. To cope up wi…

How to secure a mail server using encryption

Image
I had originally written this tutorial for xmodulo.com

SSL (Secure Sockets Layer) and its descendant TLS (Transport Layer Security) are the most widely used protocols for encrypting data that is exchanged between a server and a client. These protocols often use X.509 certificates and asymmetric cryptography. STARTTTLS is another method of securing plain-text communication. This protocol also encrypts data with SSL or TLS, but with the same port as the plain-text protocols, instead of using separate ports for SSL/TLS-encrypted communications. For example, IMAP over STARTTLS uses the same port as IMAP (143), while IMAPS (IMAP over SSL) uses a separate port 993. The previous tutorial describes how to set up a mail server running on Postfix and Dovecot, but the security aspect was not covered. In this tutorial, we demonstrate how to add security to a mail server through TLS/SSL-based encryption. Certificates needed for TLS/SSL can be self-signed, signed by a free certification authority (e…

How to set up a mail server in Ubuntu or Debian

Image
I had originally written this tutorial for xmodulo.com

This tutorial will discuss how to set up a working mail server in Ubuntu or Debian. As we know, the two major protocols used in a mail server are SMTP and POP/IMAP. In this tutorial, postfix will be used for SMTP, whiledovecot will be used for POP/IMAP. Both are open source, stable and highly customizable. Please note that securing a mail server is beyond the scope of this tutorial, and will be covered in future tutorials. Prerequisites Each domain should have a DNS server. It is recommended NOT to use a live domain for testing purposes. In this tutorial, a test domain example.tst will be used in a lab environment. A DNS server for this hypothetical domain should have the following records at the least. Forward zone for example.tst: IN MX 10 mail.example.tst. mail.example.tst. IN A 192.168.10.1 Reverse zone for example.tst:192.168.10.1 IN PTR mail.example.tst. While configuring a live mail server, these records can be changed …